Overview
You have an issue with the scheduled agent scans causing high CPU usage or Disk Write server spikes in the vCloud environment.
Solution
Virtual environments, by their nature, are very sensitive to the situations where CPU or I/O demand is not meeting the actual available resources, and such contention can slow down the virtual machines and cause high CPU or disk write server spikes. Such situations can be caused by various environment variables and configuration settings, as well as the operations performed.
Ensure that the System Requirements are met
First of all, verify that computers running LanGuard Agents are meeting the GFI LanGuard Agent and Relay Agent System Requirements, and LanGuard Server hardware requirements are sufficient for the number of scanned machines. If the requirements are not met, adjust your virtual machine(s) configurations.
Ensure Proper Antivirus Exclusions and Database Maintenance
The next common root cause that can severely affect performance is when the required antivirus exclusions are not configured. Verify whether the following folders on the server and the target clients are added to antivirus exclusions:
<system drive>:\ProgramData\GFI\
- 64-bit:
<system drive>:\Program Files (x86)\GFI\
- 32-bit:
<system drive>:\Program Files\GFI\
- The folders of the MS SQL server instance and the database files (*.mdf/*.ldf)
If any of the folders above are not excluded from antivirus scanning, add them to exclusions. More recommendations for best performance, including maintaining the SQL database, can be viewed in Recommended settings for Best Performance in GFI LanGuard.
Address the Concurrent Process Contention
If the system requirements and the antivirus exclusions are met, the resource contention may be caused by many agent scans happening simultaneously on the same hypervisor host or by other processes running concurrently with the agent scanning on the target machine or the server.
Refer to the steps below to address this.
-
Space out the agent scanning schedules to lessen the vCloud host's load since the main CPU usage would occur when the scan results are being sent back to the LanGuard server and subsequently saved to the SQL database.
Agent scanning schedules can be adjusted either individually, by OU or workgroup, or by attribute; for the details, please refer to the guidelines in Changing the LanGuard Agent Scan Schedule article. The new schedule will be received by each agent the next time it checks in for an update to the LanGuard server.
-
Schedule the scans, especially with auto-remediation, when the network load is low, e.g., during lunch breaks or running them off-hours. Check with the help of monitoring tools or system administrators what other processes, like periodic A/V scanning, backup jobs, or report generation, can cause heavy CPU or I/O contentions and make sure your scans and these processes are not scheduled for the same time.
-
The amount of scanning activity and its effect will be determined largely by the scanning profile chosen. e.g., a full scan profile will use considerably more resources than a missing patch scan profile. It is recommended to personalize a scanning profile to meet your environment's needs and configure LanGuard to only scan for the vulnerabilities relevant to your environment.
- Scanning for the Microsoft Security patches may cause high CPU usage on the target machines; refer to the Scanning Causes High CPU Usage on Target Machine for the solution steps.